1. Home
  2. Categories

Categories

  • Announcements regarding our community

    Release
    91
    Topics
    138
    Posts

    A

    Hey, are you interested in learning more about JSON Web Tokens and how to protect your APIs with them?

    Join my talk hosted by the great peeps at Gun.io!

    https://www.meetup.com/gundotio/events/302264818/

  • Connect with other community members to discuss CIAM, architecture, app development, and more.

    556
    Topics
    1.8k
    Posts

    E

    @mark-robustelli No worries, we do have a working setup now after a slew of theme tweaks. That said there is still an outstanding question and a possible bug (both low priority).

    The question: What happened to the ability to complete an oauth authentication flow by POSTing a code to /oauth2/passwordless? That worked in 1.48.3 but not in 1.55.1.

    The potential bug: Why does a GET call to /oauth2/passwordless/<invalid code> redirect the user to the browser confirmation page (even when the request is from the same browser) instead of an invalid code page?

  • Share your tips and feedback with FusionAuth and the FusionAuth community.

    86
    Topics
    283
    Posts

    mark.robustelliM

    @maciej-wisniowski Looks like you are getting some traction on the issue. Thanks for taking the time to work through this and submit the issue to make FusionAuth better.

  • You've got questions? We've got answers.

    1.6k
    Topics
    4.9k
    Posts

    mark.robustelliM

    @hamza-chouaibi Have you been through the FusionAuth and Proxies documentation? Are you sure Nginx has been configured properly?

  • Share and discuss community blog posts.

    169
    Topics
    190
    Posts

  • A read-only knowledge base of questions asked and answered about FusionAuth.

    7
    Topics
    14
    Posts

    W

    1. User Linking Issues Between SP & IdP-Initiated Logins

    No, this behavior is not expected—you should not need to drop and re-link users every time they switch login methods.

    Troubleshooting Steps:

    Are these configured as two separate Identity Providers in FusionAuth? If so, ensure they are both linked to the same FusionAuth user. If they are separate, FusionAuth may be treating them as different authentication sources, causing conflicts. Is Azure using the same application for both login flows? If different applications are used in Azure, they may be sending different user identifiers to FusionAuth. Enable Debug Logging in FusionAuth: Go to System > Event Log and enable Debug Mode in the Identity Provider settings. Compare the SAML attributes (claims) being sent in SP vs. IdP-initiated logins. If they differ, you may need to adjust Azure’s claim mappings to ensure consistency.

    2. Ensuring Correct Redirect URL in IdP-Initiated Flow

    Yes, RelayState works in FusionAuth, but there are specific requirements:

    Check Your FusionAuth Version

    RelayState support was added in FusionAuth 1.41.0+. If you are on an older version, FusionAuth will default to the first redirect URL in the list.

    Correct RelayState Configuration

    Ensure the target redirect URL is listed as an "Authorized Redirect URL" in the FusionAuth application settings. URL-encode the redirect URL before appending it to RelayState. Example: https://example.com/welcome → https%3A%2F%2Fexample.com%2Fwelcome Append the encoded URL to the ACS URL in Azure.

    Example ACS URL with RelayState:

    https://your-fusionauth-instance/samlv2/acs?RelayState=https%3A%2F%2Fexample.com%2Fwelcome Test by logging in via IdP-initiated flow and checking if FusionAuth respects the RelayState.

    Additional References:

    SAML Redirects in FusionAuth IdP-Initiated SAML Login

    Summary:

    User linking issues are likely caused by different SAML claims or separate Identity Provider configurations in FusionAuth. Enable debugging to check for mismatched attributes. RelayState should work in IdP-initiated logins if you are on FusionAuth 1.41.0+, URL-encode the redirect URL, and ensure it is allowed in the application's settings.

  • Connect with people who can help you with FusionAuth projects.

    13
    Topics
    15
    Posts